Fraud & security 6 min read

APP Fraud in Europe: How Verification of Payee Cuts Misdirected Transfers

Authorised push payment (APP) fraud is one of Europe's fastest-growing scams — and it slips past traditional controls because the victim authorises the transfer. Verification of Payee closes the gap it exploits.

By Verification of Payee EU · powered by RoxPay

Key takeaways

  • APP fraud succeeds because the payer is tricked into authorising a genuine transfer to a fraudster's account.
  • The IBAN usually looks valid, so the missing safeguard is the payee name — which VoP verifies.
  • A 'no match' or 'close match' at the point of payment is often enough to break the scam.

In an authorised push payment (APP) scam, there is no stolen card and no hacked password. The victim is manipulated into sending money themselves — to a fake supplier, a spoofed 'safe account', or an invoice with the fraudster's IBAN swapped in. Because the customer approves it, most fraud engines never fire.

Why the IBAN alone is not enough

Traditional transfers validate the IBAN's format and routing, but never check who actually owns the account. A fraudster's IBAN is perfectly valid, so the payment sails through. The one piece of information that would expose the scam — does this name belong to this account? — is exactly what is missing.

The common weakness is the name

Whether it's invoice redirection, CEO fraud or a romance scam, they all share one trait: the account does not belong to who the victim thinks. Verifying the payee name is the single most direct countermeasure.

How Verification of Payee breaks the chain

VoP asks the payee's bank, in real time, whether the name matches the IBAN — and shows the answer to the payer before they authorise. The four standard outcomes double as fraud signals:

  • Match — name and account agree; the expected, low-risk result.
  • Close match — a small difference; confirm before paying.
  • No match — the classic red flag: the account does not belong to the named payee. Stop.
  • Not available — treat an unverifiable new payee with extra caution.

A warning at the only moment that counts

The power of VoP is timing. The warning appears at the point of payment, while the victim still controls the money — not in a fraud report the next day. That clear, well-timed signal is often enough to break the spell of social engineering.

RoxPay delivers this check on the SEPA VoP scheme via API and dashboard, so banks, PSPs and businesses can put a payee name check in front of every euro transfer and cut APP-fraud losses.

All articles
FAQ

Frequently asked

Authorised push payment fraud is when a victim is tricked into authorising a transfer to a fraudster — for example via a fake invoice or a 'safe account' call. Because the payer approves it, it bypasses most traditional fraud checks.

Yes. A mistyped but valid IBAN would still send money to the wrong person; VoP catches that 'no match' before the transfer is authorised.

No. VoP is informative: it warns, but the payer decides. Legitimate payments keep flowing while fraudulent ones are exposed.

Keep reading

APP fraud prevention How VoP stops misdirected and push-payment fraud. What is Verification of Payee? The IBAN/name check, in plain terms.

Stop APP fraud before money moves

Talk to RoxPay about adding a Verification of Payee check to every euro transfer.

Talk to an expert APP fraud prevention